It’s time to get real: Computers can’t spy. They can’t violate your privacy, because they don’t know that you exist. Computers are the solution to Americans’ hyperactive privacy paranoia, not its nightmare confirmation. Next Monday’s Senate Judiciary Committee hearing on the National Security Agency’s Al Qaeda phone-tracking program should focus on the promise of computer technology in fighting terrorism, and on overcoming the impediments to using it.
The furor over the National Security Agency program has been inflamed by conflating computer scanning with human spying. Administration opponents and the media have thrown around the phrases “domestic surveillance” and “warrantless eavesdropping” to refer to what appears to be computer analysis of vast amounts of communications traffic. In only the most minute fraction of cases has a human mind attended to the results—at which point, the term “eavesdropping” may become appropriate. Most of the time, however, the communications data passed through NSA’s supercomputers without any further consequences and without any sentient being learning what the data were. Anyone who feels violated by the possibility that his international phone calls or emails joined the flood of zeros and ones that feed the NSA’s machines only to be passed by undeciphered, must believe that his wonderful individuality can spark interest even in silicon chips.
But although the NSA’s Al Qaeda communications analysis program did not in the vast majority of cases violate privacy, it probably did violate the Foreign Intelligence Surveillance Act. And that fact should serve as a warning that national security law needs reform if we want to deploy one of our greatest defensive assets—computer technology—against Islamic terrorists.
The facts about the NSA tracking program remain unknown: administration accounts and media reports are conflicting and incomplete. Assuming some truth in what has come out to date, it seems that when American soldiers and intelligence agents abroad seize phones and computers from Al Qaeda suspects, NSA computers start tracking communications to and from the phone numbers and email addresses contained in those devices, including communications between Al Qaeda suspects abroad and people here in the U.S.
Some of that mechanized tracking, it appears, simply follows calling or emailing patterns to and from the intercepted numbers and internet addresses—looking solely at phone numbers and email addresses without analyzing content. Other aspects of the program may search for certain key phrases within phone and electronic messages. And perhaps in a small percentage of cases, an NSA agent may monitor the content of highly suspicious communications between Al Qaeda operatives and U.S. residents.
Under the law, all of those methods require a court order if any of the numbers or addresses belong to U.S. citizens or legal residents, even though only a live agent poses any privacy problems. Using a computer to track phone numbers called and email addresses contacted, or to search for key words in conversations—assuming no follow-up action by the government—is a privacy-protecting measure. A computer is no more sensitive to the meaning of the millions of conversations it may be scanning for Jihadist code words than a calculator that you use to figure out your taxes is privy to your income and debt levels.
But the legal hurdles to such automated-scanning programs become significant if there’s any possibility that data on American residents are in play. To track just the phone numbers dialed out of and received by numbers contained in Khalid Sheik Mohammad’s cell phone, without any interception of content, for example, requires a court order under the Foreign Intelligence Surveillance Act, if some of those numbers belong to U.S. residents or are found in the U.S. This requirement is particularly perverse, because the Supreme Court has held that there is no Fourth Amendment privacy interest in the numbers you dial from or receive into your phone. Phone companies already possess that information, which they use (among other things) to pitch new calling plans to subscribers. Dialing patterns, therefore, have no claim to constitutionally protected privacy.
The barriers to using our computer capacity grow even more daunting when the government wants to use computers to find Jihadist language in communications. Remember: a computer cannot eavesdrop on a conversation, because it does not “know” what anyone is saying, and a key-word detection program would exclude from computer analysis all conversations and all parts of conversations that don’t use suspicious language. Nevertheless, such an insensate tracking device becomes “surveillance” for FISA purposes. Thus, in order to put a computer to work sifting through thousands of phone conversations or email messages a day, the NSA must convince the FISA court that there is probable cause to believe that every U.S. resident whose conversations will be dumbly scanned is an agent of a foreign power knowingly and illegally gathering intelligence or planning terrorism. FISA’s 72-hour emergency exception rule, which allows the government to begin monitoring a conversation and seek a warrant within 72 hours, is no help. The government will still need to prove that the thousands of electronically scanned and ignored conversations emanate from American agents of foreign governments or terrorist organizations.
Obviously, such a requirement is both unworkable and unnecessary. It is wrong to consider computer analysis a constitutional “search” of data that haven’t been selected for further inspection. Only when authorities order a follow-up investigation on selected results should a probable-cause standard come into play.
That FISA employs probable-cause standards at all is a belated encroachment on national defense that contravened centuries of constitutional thinking. The Fourth Amendment’s probable-cause requirement governs criminal prosecution. It requires public authorities to prove to a judge issuing a search or arrest warrant that there is sufficient reason to believe that the wanted individual has committed a crime or that the criminal evidence sought is likely to be in the alleged location. The purpose of probable-cause rules is to ensure that the government’s police powers are correctly targeted and do not unreasonably invade privacy. But federal judges and criminal evidentiary standards should be irrelevant when the government is gathering intelligence to prevent an attack on the country. A federal judge has no expertise in evaluating the need for and significance of foreign intelligence information. And the standard for gathering intelligence on our enemies should be lower than that for bringing the government’s penal powers to bear on citizens.
FISA’s incongruous probable-cause standards, passed in a fit of civil-libertarian zeal after the Church Committee hearings in the 1970s, however, are likely here to stay. At the very least, we should not make matters worse by equating computer interception of large-scale data with “surveillance” under FISA. Requiring probable cause for computer analysis of intelligence data would knock out our technological capacity in the war on Islamic terrorists almost as effectively as a Jihadist strike against NSA’s computers.